Hello,
is it possible to upgrade the 411U RouterBoard (RB411U) to the latest version or can you recommend me the latest compatible version?
I bought it cheaply and it came with RouterOS v5.6.
Thanks for any replies
Yes, it should be possible. But since you are running 5.x you will have to do that manually: https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS.
I’d start from https://download.mikrotik.com/routeros/6.44.5/routeros-mipsbe-6.44.5.npk - RB4xx is still listed among supported models.
Thanks 
You can use newest RouterOS on ALL MikroTik devices, except RB133C
You mean except “RB133C and all other mipsle devices”.
It’s good to do netinstall instead of updating from the ROS when going from some old version.
Export the configuration and then reconfigure it again manually.
Updating the system as it is may result in invalid configuration and you may be locked out in some cases…
t’s good to do netinstall instead of updating from the ROS when going from some old version.
Please define some old version.
I am in a similar situation although I did not install any of the routers. I discovered two routers at 6.9, one at 6.34.2, and a bunch of others ranging from 6.40 to 6.43.12.
I am guessing that updating to the latest long-term 6.44.5 on anything newer than 6.40 should not introduce issues. What about updating 6.9 or 6.34.2 to 6.44.5? Should we update those three incrementally? Say update first to 6.20 then to 6.44.5?
Thank you.
A part of this post gives my opinion on this.
OK, update incrementally. I am proposing to the owner we grab a shelf spare of the same model and then test incremental updates on the bench. After being satisfied, swap in the field. If anything burps then just restore the original device and bench test again.
How do we do that when shelf spares are highly unlikely to have version 6.9 installed? Can we force a router back that far to start testing? I found this thread, although I don’t know if that method can be used to downgrade so far back.
Along with each incremental update I suppose we compare export backups to notice anything significant.
Outside of reading every single change log, are there notable or obvious changes we should be aware? I am a mom-and-pop sysadmin and not a Mikrotik guru or network engineer. For example, in the other thread you mentioned converting from “master port” to “bridge” . I have no idea what that is about although I found a wiki topic.
I notice in your signature you mention post /export hide-sensitive. Do you normally use that option in backups or just when posting configs publicly?
Thank you!
I don’t remember whether this came in 6.40 or 6.41, but the old way of allowing frames to be forwarded within a group of Ethernet ports by the switch chip, bypassing any CPU handling, was to choose one of the ports in the group and indicate it as a “master port” to all other ones. In the rest of the configuration you then used only the master port. The master port could be made a member of a software bridge, but even if another Ethernet port of the same switch chip was made a member of that bridge, the frames between any of the ports in the group and this other port were forwarded in software,
The new way always uses the bridge interface and all the Ethernet ports of the group are made member ports of that bridge. The traffic between the bridge ports is forwarded directly by the switch chip based merely on the fact that all of them are members of the same bridge, but you can disable this on a per-port basis.
Another thing is that the IPsec configuration structure has changed twice between 6.40 and 6.45, maybe even before.
The whole signature is only about obfuscation before publishing. Even if you were paranoid and wanted to store the passwords separately from the configuration, it would be better to export without hide-sensitive and do CtrlX - CtrlV.
I don’t remember whether this came in 6.40 or 6.41…
The wiki topic states the change occurred in 6.41 and the update includes a script to automatically reconfigure. I suppose then in an incremental update, that 6.41 is one of the key increment points.
Another thing is that the IPsec configuration structure has changed twice between 6.40 and 6.45, maybe even before.
To my knowledge not being used here, but nice to know.